Privacy Policy

Your privacy is important to us. This policy explains how SuperGuitarLicks collects, uses, and protects your personal information.

Last Updated: January 2025 | Effective Date: January 1, 2025

Your Data Journey at SuperGuitarLicks

Discover how we collect, process, store, and protect your personal information. This comprehensive diagram shows the complete flow from your first visit to data retention and deletion.

Complete Data Flow Overview

👤 User Visits
superguitarlicks.com

🍪 Cookie Consent
Banner Appears

✅ Accept All
• Essential • Analytics
• Marketing • Third-Party

🔒 Essential Only
• Security • Preferences
• Authentication

⚙️ Custom Settings
User chooses
categories

📊 Data Collection

📈 Analytics Data
Google Analytics
Page views, Sessions

🎯 Marketing Data
Email tracking
Campaign attribution

🔐 Essential Data
Auth tokens
User preferences

🎥 Third-Party Data
Vimeo analytics
Social sharing

📊 Supabase Database
lessons.superguitarlicks.com
🔒 Row Level Security
Encrypted storage, GDPR compliance

🌐 External Services
Vimeo, Social platforms
🏪 Local Storage
Browser consent (365 days)

📧 User Communications
Progress emails
Course updates

📊 Business Analytics
Completion rates
Engagement metrics

🗑️ Data Retention
User can delete account
30-day purge cycle

🌟 User Control

You decide what data we collect through cookie consent choices

🍪 Consent First

Clear consent banner before any non-essential tracking

🔒 Secure Storage

Enterprise-grade security with Supabase and encryption

🗑️ Easy Deletion

Complete data deletion within 30 days when requested

Interactive Data Handling Details

Click on each step below to explore detailed information about our data handling practices.

💡 Click on any step below to expand details

Data Collection

Information you provide when using our services

Data Processing

How we use your information to provide services

Data Storage

Secure storage of your information

Data Sharing

Limited sharing with trusted partners

Your Rights

Control over your personal data

Data Protection Summary

🛡️

End-to-End Encryption

Your data is encrypted in transit and at rest using industry-standard protocols.

🔒

Access Controls

Strict access controls ensure only authorized personnel can access your information.

⚖️

Your Rights

You have full control over your data with rights to access, modify, or delete.

Have questions about how we handle your data?

Contact Our Privacy Team

Policy Information

Effective Date

January 1, 2025

Last Updated

December 2025

December 2025 Update: Added Google Ads and Microsoft Ads tracking disclosures, PayPal payment processing, geographic consent logic, California "Do Not Sell or Share" rights, and enhanced data retention periods. This updated policy provides comprehensive details about Facebook Pixel/CAPI tracking, advanced Google Analytics 4 implementation, and detailed data collection practices.

Information We Collect

Personal Information You Provide

Account Creation

• Full name and email address
• Password (encrypted)
• Profile preferences
• Learning goals and skill level

Payment Information

• Credit/debit card details (via Stripe)
• Billing address
• Payment history
• Subscription preferences

Communication

• Support messages and feedback
• Email preferences
• Survey responses
• Community participation

Learning Data

• Course progress and completion
• Video watch time and engagement
• Quiz scores and assessments
• Bookmarks and favorites

Automatically Collected Information

Technical Data

• IP address and general location
• Device type, OS, and browser
• Screen resolution and device specs
• Language and timezone settings

Usage Analytics

• Pages visited and navigation paths
• Session duration and frequency
• Click patterns and interactions
• Search queries within our platform

Performance Data

• Page load times and errors
• Video buffering and quality
• Feature usage and adoption
• System performance metrics

Advanced Analytics Data

• Facebook Pixel & CAPI tracking
• Google Analytics 4 ecommerce events
• Microsoft Clarity session recordings & heatmaps
• Campaign attribution (UTM parameters)
• Cross-device tracking identifiers
• Purchase behavior and transaction details
• Lead generation and form submissions
• Video engagement and lesson progress
• Session tracking across platforms
• User behavior patterns and frustration signals

CCPA Data Categories

Under the California Consumer Privacy Act (CCPA), we collect the following categories of personal information:

A. Identifiers

Name, email, IP address, device IDs, account usernames

B. Commercial Information

Purchase history, course enrollments, transaction records

D. Internet Activity

Browsing history, search queries, page interactions, video engagement

G. Geolocation Data

Approximate location (country, state) from IP address

K. Inferences

Learning preferences, skill assessments, content recommendations

L. Sensitive Info (Limited)

Account credentials only (encrypted, never shared)

Facebook Pixel & Conversions API Tracking

What Facebook Tracking Does

We use Facebook Pixel and Conversions API (CAPI) to track your interactions with our website and optimize our advertising. This allows us to show you relevant ads on Facebook and Instagram, and measure the effectiveness of our marketing campaigns.

Data We Send to Facebook

• Page views and website navigation
• Contact form submissions and newsletter signups
• Product purchases and transaction details
• Items added to cart and browsing behavior
• Hashed email addresses and names (for privacy)
• Device information and IP addresses
• Campaign attribution data (UTM parameters)

Facebook Cookies We Use

• _fbp: Facebook Browser Pixel for tracking visits
• _fbc: Facebook Click ID for campaign attribution
• fb_session_id: Our internal session tracking
• Standard Facebook advertising cookies

These cookies expire after 90 days and help prevent duplicate tracking between browser and server events.

Your Control Over Facebook Tracking

Cookie Preferences

You can disable marketing cookies through our cookie preference center, which will stop new Facebook tracking.

Facebook Settings

Visit Facebook's Ad Preferences to control how Facebook uses your data for advertising across all websites.

Browser Controls

Use browser privacy settings, ad blockers, or private browsing mode to limit tracking capabilities.

Google Analytics 4 & Ecommerce Tracking

Advanced Analytics Implementation

We use Google Analytics 4 (GA4) to understand how you use our website and courses. This helps us improve your learning experience and optimize our educational content.

What GA4 Tracks

• Page views, session duration, and navigation patterns
• Course enrollments and lesson completion rates
• Video engagement (play, pause, completion)
• Purchase events and transaction details
• User demographics and interests (when available)
• Campaign performance and attribution
• Custom conversion goals and user segments

Data Storage & Retention

• Analytics data stored in Google's servers
• Individual user data retained for 14 months
• Aggregated data retained for statistical analysis
• IP addresses are anonymized by default
• Cross-device tracking via Google signals
• Enhanced ecommerce data for business insights

Google Ads Conversion Tracking

Advertising Conversion Measurement

We use Google Ads conversion tracking to measure the effectiveness of our advertising campaigns and optimize our marketing spend. This helps us show relevant ads to people interested in learning guitar.

What Google Ads Tracks

• GCLID (Google Click ID) from ad clicks
• Lead form submissions and quiz completions
• Purchase conversions and transaction values
• Page views from ad traffic
• Cross-device conversion attribution

Enhanced Conversions

• Hashed email addresses (SHA-256 encrypted)
• Hashed names and phone numbers (when provided)
• Used to improve conversion measurement accuracy
• Data is hashed before transmission for privacy
• Requires marketing consent to activate

Microsoft Advertising & UET Tracking

Microsoft Universal Event Tracking (UET)

We use Microsoft Advertising UET to track conversions from Bing, Microsoft Edge, and the Microsoft advertising network. This works alongside Microsoft Clarity for comprehensive user behavior analysis.

What Microsoft UET Tracks

• Page views and site navigation
• Lead form submissions
• Purchase conversions and revenue
• Custom conversion events
• Audience building for remarketing

Integration with Clarity

• UET and Clarity share session data
• Unified view of user journey
• Enhanced conversion attribution
• Same privacy protections apply
• Respects consent preferences

Legal Basis for Processing (GDPR)

Contract Performance

Processing necessary for the performance of our contract with you:

• Account creation and management
• Course delivery and progress tracking
• Payment processing and billing
• Customer support services

Consent

• Marketing communications
• Non-essential cookies
• Newsletter subscriptions
• Personalized recommendations

Legitimate Interest

• Website analytics and improvement
• Fraud prevention and security
• Internal business operations
• Product development

How We Use Your Information

Service Delivery

• Create and manage your account
• Provide guitar lessons and courses
• Process payments and subscriptions
• Track your learning progress
• Deliver customer support
• Send course updates and notifications

Personalization

• Recommend relevant courses and content
• Customize learning experience
• Track progress and achievements
• Provide personalized feedback
• Remember your preferences
• Suggest skill-appropriate content

Improvement & Security

• Analyze usage patterns and trends
• Improve our services and platform
• Develop new features and courses
• Ensure security and prevent fraud
• Monitor system performance
• Comply with legal obligations

Marketing Communications (With Your Consent)

• Send promotional emails about new courses
• Share guitar learning tips and resources
• Announce special offers and discounts
• Provide personalized course recommendations

You can opt out at any time by:

• Clicking unsubscribe in any email
• Updating your account preferences
• Contacting our support team

Microsoft Clarity User Behavior Analytics

Session Recording & Heatmap Analytics

We use Microsoft Clarity to understand how you interact with our website and learning platform. This free service provides session recordings, heatmaps, and user insights to help us improve your experience.

What Clarity Records

• Session recordings (videos of how you use our site)
• Click patterns and mouse movements
• Scroll behavior and page interactions
• Heatmaps showing popular content areas
• Frustration signals (dead clicks, rage clicks)
• Page performance from user perspective
• User journey paths and navigation patterns

Privacy Protections

• Sensitive form fields automatically masked
• Password inputs completely hidden
• Personal information automatically obscured
• Respects "Do Not Track" browser settings
• No personally identifiable information stored
• GDPR and CCPA compliant data handling
• Data stored securely by Microsoft

Why We Use Microsoft Clarity

User Experience Improvements

• Identify usability issues and fix them
• Understand where users get confused
• Optimize lesson navigation and course flow
• Improve mobile and desktop experiences
• Reduce user frustration and abandonment

Platform Optimization

• Enhance checkout and signup processes
• Improve page load speeds and performance
• Optimize content layout and design
• Ensure courses are easy to navigate
• Create better learning experiences

Your Control Over Clarity Tracking

Automatic Protections

• Form inputs are automatically masked
• Credit card and payment info hidden
• Email addresses and personal data obscured
• Sensitive elements excluded from recordings

Opt-Out Options

• Enable "Do Not Track" in your browser
• Contact us to exclude your sessions
• Use private/incognito browsing mode
• Block Clarity via ad blockers

Microsoft Clarity is completely free and helps us provide you with a better learning experience. All data is processed according to Microsoft's strict privacy standards and your information remains secure.

Detailed Cookie Policy

Cookie Categories & Specific Cookies

Essential Cookies

Always Active

Required for basic website functionality, security, and user authentication.

Authentication Cookies

Session tokens, login state, admin access

Security Cookies

CSRF protection, form validation

Analytics Cookies

Optional

Help us understand website usage and improve performance through Google Analytics 4.

Google Analytics 4

_ga, _ga_[MEASUREMENT_ID], _gid

Tracks page views, sessions, events, conversions

Session Tracking

fb_session_id (our internal session ID)

Links your behavior across pages and platforms

Marketing Cookies

Optional

Used for Facebook advertising, campaign tracking, and personalized marketing.

Facebook Pixel

_fbp (browser pixel), _fbc (click ID)

Tracks conversions, builds audiences, optimizes ads

Campaign Attribution

UTM parameters stored in session

Tracks which campaigns drive purchases

Preference Cookies

Optional

Remember your choices and provide enhanced, personalized features.

Cookie Consent

sgl-cookie-consent

Remembers your cookie preferences

User Preferences

Theme settings, language, display options

Enhances your user experience

Cookie Expiration & Management

Session Cookies

Expire when you close your browser. Used for temporary functionality.

Persistent Cookies

Remain for 30-90 days for analytics and marketing. You can delete them anytime.

Your Control

Manage preferences via our cookie banner or your browser settings.

Geographic Privacy Compliance

We use your geographic location to determine which privacy laws apply to you and whether to display a cookie consent banner. This helps us provide appropriate privacy protections based on your jurisdiction.

How Location Detection Works

• Your approximate location is determined via IP address
• We identify your country and state/region
• No precise GPS location is collected
• Location data is cached in a cookie for 24 hours
• Used only for privacy compliance decisions

Consent Banner Display Logic

• International visitors: Always shown (GDPR compliance)
• US privacy law states: Always shown (CA, VA, CO, CT, TX, etc.)
• Other US states: Banner may not be shown
• Unknown location: Banner shown for safety

Global Privacy Control (GPC)

We honor Global Privacy Control (GPC) browser signals. If your browser sends a GPC signal, we will treat this as a request to opt out of the sale or sharing of your personal information, and we will automatically disable marketing and analytics cookies.

Data Retention Policy

Retention Periods

Account Data

Active accounts: Retained for as long as your account is active

Deleted accounts: Removed within 30 days of deletion request

Learning Progress

Course progress: Maintained throughout account lifetime

After deletion: Permanently removed with account

Financial Records

Payment history: 7 years for tax and legal compliance

Billing data: 3 years after last transaction

Analytics & Tracking Data

Google Analytics 4: 14 months individual, indefinite aggregated

Google Ads: 540 days for conversion data

Facebook/Meta: 90 days cookies, 180 days CAPI events

Microsoft Ads/Clarity: 180 days for UET, 30 days recordings

Quiz responses: 2 years or until account deletion

Marketing Data

Email subscribers: Until unsubscribe + 30 days

Contact form data: 3 years after submission

UTM/Attribution: 2 years for campaign analysis

Complete Data Deletion

To request account deletion, email support@superguitarlicks.com with subject "Account Deletion Request". Upon verification, we will:

🗑️

Delete account data within 7 days

🔄

Remove from all systems within 30 days

📦

Delete backups within 90 days

Note: Some data may be retained longer if required for legal, tax, or fraud prevention purposes.

Children's Privacy (COPPA Compliance)

Age Requirements

Minimum age to create an account

Minimum age for marketing consent (EU)

Full legal capacity for all services

Parental Consent

• Ages 13-15: Parental consent required in some jurisdictions
• Parents can request access to their child's information
• Parents can request deletion of their child's account
• We do not knowingly collect data from children under 13
• If we discover data from children under 13, we delete it immediately

For parents: If you believe your child under 13 has provided personal information to us, please contact us immediately at support@superguitarlicks.comand we will take steps to delete such information.

Data Sharing and Third-Party Services

We Do NOT Sell Your Data

We do not sell, rent, or lease your personal information to third parties for marketing purposes. We only share your information in the limited circumstances described below.

Trusted Service Providers

Payment Processing

Stripe Inc. - Credit/debit card payment processing

Data shared: Payment details, billing address, transaction history

PayPal Payments

PayPal Inc. - Alternative payment processing

Data shared: Email address, transaction details, order metadata, billing information

Database & Hosting

Supabase Inc. - Database and authentication services

Data shared: Account data, learning progress, preferences

Video Services

Vimeo Inc. - Video hosting and analytics

Data shared: Video viewing data, engagement metrics

Google Analytics 4

Google LLC - Advanced analytics and ecommerce tracking

Data shared: Page views, events, purchases, user behavior, demographic insights

Facebook Inc. (Meta)

Facebook Pixel & CAPI - Advertising optimization and conversion tracking

Data shared: Page views, purchases, leads, hashed user data, device information

Email Services

Resend - Email delivery and communications

Data shared: Email addresses, engagement metrics (with consent)

Legal Requirements

When required by law, court order, subpoena, or to protect our rights and the safety of our users. We will notify you unless legally prohibited.

Business Transfers

In connection with a merger, acquisition, reorganization, or sale of business assets. You will be notified of any change in ownership or control.

With Your Consent

Any other sharing of your personal information will only occur with your explicit consent, which you can withdraw at any time.

Your Privacy Rights

Access & Portability

Request access to your personal data and receive a copy in a portable format

Correction

Update or correct inaccurate personal information we have about you

Deletion

Request deletion of your personal data (subject to legal requirements)

Opt-Out

Withdraw consent for marketing communications and non-essential processing

Restriction

Limit how we process your personal information in certain circumstances

Objection

Object to processing based on legitimate interests or direct marketing

California "Do Not Sell or Share" Rights (CCPA/CPRA)

Under California law, you have the right to opt out of the "sale" or "sharing" of your personal information. While we do not sell your data for money, certain data sharing for advertising purposes may qualify as a "sale" under CCPA.

What This Means

• Sharing data with advertising platforms (Facebook, Google, Microsoft) for targeted ads
• Cross-context behavioral advertising
• Audience building for remarketing

How to Opt Out

• Click the cookie preferences button at the bottom of any page
• Disable "Marketing" cookies in the consent banner
• Enable Global Privacy Control (GPC) in your browser
• Contact us at support@superguitarlicks.com

Note: Opting out will not affect essential services or your ability to access courses. We will continue to process your data for essential purposes like account management and course delivery.

To exercise your rights, contact us at:

Contact Privacy Team

Data Security

We implement industry-standard security measures to protect your personal information:

🔒

Encryption

SSL/TLS encryption for data in transit and AES encryption for data at rest

🛡️

Access Controls

Multi-factor authentication and role-based access for all systems

📊

Monitoring

24/7 security monitoring and regular security audits and penetration testing

International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place:

EU Standard Contractual Clauses for transfers to third countries
Adequacy decisions where applicable
Binding Corporate Rules for intra-group transfers
Certification schemes and codes of conduct

Changes to This Privacy Policy

How We Handle Updates

Minor Changes

• Updates to contact information
• Clarifications of existing practices
• Additional security measures
• Posted with updated "Last Modified" date

Material Changes

• Changes to data collection practices
• New ways of using your information
• Changes to data sharing practices
• 30-day advance notice via email

Your Options When We Update This Policy

✅

Continue using our services (acceptance)

⚙️

Update your privacy preferences

🚪

Close your account before changes take effect

Complaints and Supervisory Authority

File a Complaint

If you have concerns about how we handle your personal data, you have the right to file a complaint with:

Contact Us First

We encourage you to contact us directly so we can address your concerns:

• Email: support@superguitarlicks.com
• Response time: Within 24 hours
• Resolution goal: Within 30 days

Supervisory Authority

You can also file complaints with data protection authorities:

• EU: Your local Data Protection Authority
• UK: Information Commissioner's Office (ICO)
• California: California Privacy Protection Agency

Important Notice

Filing a complaint with a supervisory authority does not affect your right to seek judicial remedy. We are committed to working with supervisory authorities to resolve any complaints and will cooperate fully with any investigations.

Contact Us

Privacy Questions

Email: support@superguitarlicks.com

Response Time: Within 72 hours

Data Protection Officer

Email: support@superguitarlicks.com

Response Time: Within 24 hours

We Value Your Privacy

Your trust is important to us. We are committed to protecting your privacy and being transparent about how we collect, use, and protect your personal information.

This privacy policy is designed to help you understand your rights and make informed decisions about sharing your personal information with SuperGuitarLicks.

This privacy policy is effective as of January 1, 2025.